Privilege Escalation Vulnerability in mcollective-puppet-agent Plugin 1.12.0

Privilege Escalation Vulnerability in mcollective-puppet-agent Plugin 1.12.0

CVE-2017-2290 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.

Learn more about our User Device Pen Test.